<?php
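    // Entry guard: the including application defines __ACCESS__; a direct
    // request to this file stops here.
    if (!defined('__ACCESS__'))
        exit;

    // Handles two POST actions for the current account: an avatar upload
    // (upload=photo) and a password change (pass / npass).
    // NOTE(review): no anti-CSRF token is checked in this file. The password
    // change requires the current password; the avatar upload has no such
    // barrier — confirm the including controller validates a token.
    if (count($_POST))
    {
        // $login comes from the including scope. Stop if it is missing
        // instead of building SQL from an undefined account.
        if (!isset($login) || !is_object($login))
            exit;

        // The original avatar query used aid unquoted, so it is numeric; the
        // integer cast keeps anything else out of the SQL text.
        $accountId = (int) $login->aid;

        // Client-side redirect helper, emitted verbatim after each message.
        // NOTE(review): the string form of setTimeout evaluates its argument
        // as code, so the #redirect url attribute must never carry
        // user-controlled data.
        $redirectScript = '<script type="text/javascript" src="base/js/jquery-1.8.2.min.js"></script>'
            . '<script type="text/javascript">'
            . '$(document).ready(function() {'
            . '    if($("#redirect").length != 0)'
            . '        setTimeout(\'redirect("\' + $("#redirect").attr("url") + \'")\', $("#redirect").attr("timeout"))'
            . '});'
            . 'function redirect(url){'
            . '    window.location = url;'
            . '}'
            . '</script>';

        $isupload = $this->get('upload');
        if ($isupload === 'photo')
        {
            $maxAvatarBytes = 200000;
            $pngSignature   = "\x89PNG\r\n\x1a\n";

            // Read the upload entry defensively: the field can be absent, or
            // an array-style upload can turn every member into an array.
            $image        = (isset($_FILES['image']) && is_array($_FILES['image'])) ? $_FILES['image'] : array();
            $uploadError  = (isset($image['error']) && is_int($image['error'])) ? $image['error'] : UPLOAD_ERR_NO_FILE;
            $declaredSize = (isset($image['size']) && is_int($image['size'])) ? $image['size'] : 0;
            $tmpName      = (isset($image['tmp_name']) && is_string($image['tmp_name'])) ? $image['tmp_name'] : '';

            $tooLarge = $uploadError === UPLOAD_ERR_INI_SIZE
                || $uploadError === UPLOAD_ERR_FORM_SIZE
                || $declaredSize > $maxAvatarBytes;

            // Only read a file that PHP itself received through this request.
            $data = false;
            if (!$tooLarge && $uploadError === UPLOAD_ERR_OK && $declaredSize > 0 && is_uploaded_file($tmpName))
                $data = file_get_contents($tmpName);

            $hasData = is_string($data) && $data !== '';

            if ($tooLarge || ($hasData && strlen($data) > $maxAvatarBytes))
            {
                echo "Size is too large!";
                echo $redirectScript;
                $this->redirect(Config::$url, 2000, 1);
            }
            // $_FILES['image']['type'] is sent by the client and proves
            // nothing, so the PNG signature of the received bytes decides.
            // This checks the header only; whatever serves the avatar back
            // should still send it with a fixed image/png content type.
            else if ($hasData && strncmp($data, $pngSignature, strlen($pngSignature)) !== 0)
            {
                echo "Invalid type!";
                echo $redirectScript;
                $this->redirect(Config::$url, 2000, 1);
            }
            else if ($hasData)
            {
                // A hex literal carries the binary payload without relying on
                // addslashes(), which is not a SQL escaper and depends on the
                // connection charset and SQL mode.
                // NOTE(review): X'..' is MySQL/MariaDB syntax — confirm the
                // backend behind Connection, or switch to a bound parameter
                // if Connection offers prepared statements.
                $sql = "UPDATE login SET avatar=X'" . bin2hex($data) . "' WHERE aid = " . $accountId;
                Connection::getConnect();
                Connection::setQuery($sql);
                print "Your avatar has been change.";
            }
            else
            {
                // Covers a missing field, an empty file and transfer errors.
                print "No image selected/uploaded";
            }

            // Common tail, kept as in the original: whether it also runs after
            // the two error branches depends on redirect() ending the request.
            echo $redirectScript;
            $this->redirect();
            exit;
        }

        $pass  = $this->get('pass');
        $npass = $this->get('npass');

        // hash_equals() compares in constant time and never treats two
        // "0e..." digests as equal numbers, which the loose != comparison did.
        // NOTE(review): verification uses md5(md5()) while the stored value
        // below is a single MD5; that is consistent only if getPassword()
        // hashes the stored column once more — confirm.
        if (!is_string($pass) || !hash_equals((string) $login->getPassword(), md5(md5($pass))))
        {
            echo "Wrong password!";
            exit;
        }

        if (!is_string($npass) || $npass === '')
        {
            echo "Invalid new password!";
            exit;
        }

        // Hash in PHP so only a hex digest reaches the SQL text; the raw new
        // password was previously interpolated into the statement.
        // NOTE(review): if $this->get() already escapes its value, hash the
        // unescaped form instead — confirm.
        // NOTE(review): MD5 is not a password-hashing function; moving to
        // password_hash()/password_verify() needs a matching change wherever
        // the login is verified, which is outside this file.
        $newHash = md5($npass);
        $sql = "UPDATE login SET password='$newHash' WHERE aid='$accountId'";
        Connection::getConnect();
        Connection::setQuery($sql);
        echo "Password changed!";
        exit;
    }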
?>